Are you tired of the incessant attacks targeting your infrastructure, all those suspicious connection attempts that give you cold sweats?
Then here is FireHOL, a formidable security solution that will turn your basic firewall into Fort Knox.
FireHOL is based on a simple but very effective principle: pooling the knowledge of the cybersecurity community. Teams around the world monitor and identify malicious IP addresses, producing blocklists that are updated regularly, and FireHOL's blocklist-ipsets project collects them into ready-to-load ipsets.
These lists cover a wide range of threats: active botnets, spam sources, brute-force attackers, vulnerability scanners and, of course, anything that looks like a malicious proxy.
Setting up FireHOL is straightforward, as you will see. Let's start with the basic installation:
sudo apt-get install firehol
wget https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/update-ipsets.sh
chmod +x update-ipsets.sh
Then let's enable the lists that interest us, and run a first update:
./update-ipsets.sh enable dshield spamhaus_drop spamhaus_edrop
./update-ipsets.sh
Among them you will find DShield, maintained by the SANS Institute, which identifies the 20 most aggressive attacking subnets; Spamhaus DROP, the absolute reference for blocking network ranges hijacked by cybercriminals; and of course Abuse.ch, which remains an excellent source for known botnets and malware.
There are also:
- OpenBL: tracks brute-force attacks
- Blocklist.de: aggregates abuse reports from thousands of servers
- Emerging Threats: identifies emerging threats
Here is an example FireHOL configuration that uses these lists (the ipsets directory is the one update-ipsets writes to; with FireHOL 3 the file must also start with the usual version declaration and carry your normal interface and router rules):
cat > /etc/firehol/firehol.conf <<EOF
wan="eth0"

ipset4 create whitelist hash:net
ipset4 add whitelist 192.168.0.0/16

for x in dshield spamhaus_drop spamhaus_edrop
do
    ipset4 create  \${x} hash:net
    ipset4 addfile \${x} ipsets/\${x}.netset
    blacklist4 full inface "\${wan}" log "BLACKLIST \${x^^}" ipset:\${x} \
        except src ipset:whitelist
done
EOF
To keep your protection up to date, add the script to your crontab (this entry runs it every 12 minutes):
crontab -e
*/12 * * * * /path/to/update-ipsets.sh >/dev/null 2>&1
Let's start with a crucial point: strategic whitelisting. It is the foundation of a good configuration. You absolutely must create a whitelist of your trusted IPs: your own, of course, but also those of your business partners and your cloud services. Otherwise a partner whose range lands on a blocklist by mistake will be cut off just like an attacker.
Log monitoring is just as crucial: analyse your blocking logs regularly to spot anomalies and identify potential false positives. On performance, here is a tip: limit the number of active lists and use ipsets of type hash:net, which is far more efficient and consumes fewer resources. Speaking of resources, don't get carried away: the more lists you enable, the harder your server works. It's simple arithmetic!
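To make the log review concrete, here is an added example (not code from the original post or from FireHOL) that parses kernel log lines produced by the `log "BLACKLIST ..."` rules above, counts hits per list and per source, and flags any blocked source that falls inside networks you consider trusted, which is exactly the false-positive signal you want. It assumes the log prefix is the text preceding the first `IN=` field, and the sample log lines are constructed, not captured:

```python
"""Summarise FireHOL blacklist hits and flag sources that should be whitelisted.

Added example, not part of the original post or of FireHOL.  Assumption: the
iptables LOG prefix is the text before the first "IN=" field, so the rule
log "BLACKLIST DSHIELD" shows up as "BLACKLIST DSHIELD:IN=...".
"""
import ipaddress
import re
from collections import Counter

# Constructed sample log lines in the shape of iptables LOG output.
SAMPLE_LOG = """\
Mar  3 09:14:02 gw kernel: [1234.56] BLACKLIST DSHIELD:IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=203.0.113.10 DST=198.51.100.2 LEN=40 TOS=0x00 PREC=0x00 TTL=52 ID=0 DF PROTO=TCP SPT=41000 DPT=22 WINDOW=1024 RES=0x00 SYN URGP=0
Mar  3 09:14:05 gw kernel: [1237.10] BLACKLIST DSHIELD:IN=eth0 OUT= SRC=203.0.113.10 DST=198.51.100.2 LEN=40 PROTO=TCP SPT=41001 DPT=2222
Mar  3 09:14:09 gw kernel: [1241.77] BLACKLIST SPAMHAUS_DROP:IN=eth0 OUT= SRC=203.0.113.77 DST=198.51.100.2 LEN=60 PROTO=TCP SPT=52000 DPT=25
Mar  3 09:15:30 gw kernel: [1322.00] BLACKLIST SPAMHAUS_EDROP:IN=eth0 OUT= SRC=192.0.2.44 DST=198.51.100.2 LEN=40 PROTO=TCP SPT=33000 DPT=443
Mar  3 09:15:31 gw kernel: [1323.00] IN-internet:IN=eth0 OUT= SRC=198.51.100.99 DST=198.51.100.2 LEN=40 PROTO=UDP SPT=5353 DPT=5353
"""

# "kernel: [uptime] PREFIX:IN=" -- the uptime bracket is optional.
LOG_RE = re.compile(r"kernel: (?:\[[^\]]*\] )?(?P<prefix>[^:]+):IN=")
# Upper-case KEY=value tokens; flags such as DF or SYN have no '=' and are skipped.
FIELD_RE = re.compile(r"\b([A-Z]+)=(\S*)")


def parse_line(line):
    """Return (blocklist_name, fields) for a BLACKLIST hit, else None."""
    m = LOG_RE.search(line)
    if not m or not m.group("prefix").startswith("BLACKLIST "):
        return None
    fields = dict(FIELD_RE.findall(line[m.end("prefix"):]))
    return m.group("prefix")[len("BLACKLIST "):], fields


def summarise(log_text, trusted):
    """Count hits per list and per source; report blocked sources that sit
    inside TRUSTED networks (candidates for the whitelist)."""
    trusted_nets = [ipaddress.ip_network(t, strict=False) for t in trusted]
    per_list, per_src, suspects = Counter(), Counter(), {}
    for line in log_text.splitlines():
        parsed = parse_line(line)
        if parsed is None:
            continue
        blocklist, fields = parsed
        try:
            addr = ipaddress.ip_address(fields.get("SRC", ""))
        except ValueError:
            continue  # malformed or missing SRC: nothing to attribute
        per_list[blocklist] += 1
        per_src[str(addr)] += 1
        if any(addr in net for net in trusted_nets):
            suspects.setdefault(str(addr), set()).add(blocklist)
    return per_list, per_src, suspects


if __name__ == "__main__":
    # Hypothetical trusted range for the demo (a partner's network).
    lists, sources, flagged = summarise(SAMPLE_LOG, ["192.0.2.0/24"])
    print("hits per list:   ", dict(lists))
    print("top sources:     ", sources.most_common(3))
    print("trusted but hit: ", flagged)
```

Feed it `journalctl -k` or `/var/log/kern.log` and keep the trusted list in sync with the whitelist ipset; anything that shows up under "trusted but hit" is either a whitelist gap or a partner whose range really has been hijacked, and both deserve a look.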
ipsets are really the Rolls-Royce of filtering solutions. Why? Because they offer ultra-fast lookups thanks to hashing (O(1), for the nerds), great flexibility with dynamic updates that don't require reloading the whole firewall, and scalability that is hard to beat since you can manage millions of entries without blinking.
For the most motivated among you, you can push things even further with advanced features such as GeoIP blocking to block certain countries (sorry, friends), rate limiting to avoid being flooded, and application-level filtering to make your protection even more precise. Don't forget to clean up your lists regularly, because some go stale faster than a French government, so check their relevance periodically.
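The "dynamic update without reloading" property is worth seeing in practice. The following added example (not code from FireHOL, blocklist-ipsets or the original post) reads a `.netset` file in the format update-ipsets produces, drops entries overlapping your whitelist, and emits an `ipset restore` batch that fills a temporary set and swaps it in, so the live set is never empty or half-loaded while FireHOL's rules keep referring to it. The set name, the whitelist and the sample file contents are made up:

```python
"""Build an atomic `ipset restore` batch from a FireHOL-style .netset file.

Added example, not code from FireHOL or the blocklist-ipsets project.
Assumptions: one IPv4 address or CIDR per line, '#' starts a comment,
and the set is a hash:net (the type the post recommends).
"""
import ipaddress

# Constructed sample in the shape of a .netset file (not real list data).
SAMPLE_NETSET = """\
#
# dshield (constructed sample)
#
203.0.113.0/24
198.51.100.0/24
198.51.100.0/24   # duplicates must collapse
192.0.2.7
2001:db8::/32     # IPv6 entries belong in a separate ipset6, skipped here
not-an-address
"""


def parse_netset(text):
    """Return sorted, deduplicated IPv4 networks; comments, blanks and
    unparsable or non-IPv4 lines are skipped."""
    nets = set()
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        try:
            net = ipaddress.ip_network(line, strict=False)
        except ValueError:
            continue
        if net.version == 4:
            nets.add(net)
    return sorted(nets)


def drop_whitelisted(nets, whitelist):
    """Remove entries overlapping a trusted network.  FireHOL's
    `except src ipset:whitelist` already protects them; keeping them
    out of the set also keeps the logs quiet."""
    wl = [ipaddress.ip_network(w, strict=False) for w in whitelist]
    return [n for n in nets if not any(n.overlaps(w) for w in wl)]


def ipset_restore_batch(name, nets, maxelem=1048576):
    """Emit `ipset restore` input that replaces set NAME atomically:
    fill NAME.tmp, swap it with NAME, destroy the old contents.
    Run with `ipset -exist restore` so the create lines tolerate
    sets that already exist."""
    tmp = f"{name}.tmp"
    lines = [
        f"create {name} hash:net family inet maxelem {maxelem}",
        f"create {tmp} hash:net family inet maxelem {maxelem}",
        f"flush {tmp}",
    ]
    lines += [f"add {tmp} {n.with_prefixlen}" for n in nets]
    lines += [f"swap {tmp} {name}", f"destroy {tmp}"]
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    # Hypothetical whitelist for the demo; prints a batch for stdin of
    # `ipset -exist restore`.
    nets = drop_whitelisted(parse_netset(SAMPLE_NETSET), ["192.0.2.0/24"])
    print(ipset_restore_batch("dshield", nets), end="")
```

Pipe the output into `ipset -exist restore`; because the swap is a single kernel operation, packets hitting the `blacklist4` rule in the meantime are matched against either the old set or the new one, never against nothing.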
There you go, friends! With all this, you have enough to set up solid protection. To explore every possibility and consult detailed statistics for each blocklist, visit https://iplists.firehol.org/
Thanks to Lorenper for this superb discovery!